package com.kepler.social.web.comp;

import com.google.common.collect.Sets;
import com.kepler.social.service.vo.LoginUser;
import com.kepler.social.service.vo.SysUserVo;
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.userdetails.UserDetails;

public abstract class BaseAuthenticationProvider {

    protected UserDetails getUserDetails(SysUserVo sysUser) {
        UserDetails user = this.createLoginUser(sysUser);
        if (!user.isEnabled()) {
            throw new DisabledException("该账户已被禁用，请联系管理员");
        } else if (!user.isAccountNonLocked()) {
            throw new LockedException("该账号已被锁定");
        } else if (!user.isAccountNonExpired()) {
            throw new AccountExpiredException("该账号已过期，请联系管理员");
        } else if (!user.isCredentialsNonExpired()) {
            throw new CredentialsExpiredException("该账户的登录凭证已过期，请重新登录");
        }
        return user;
    }

    private UserDetails createLoginUser(SysUserVo user) {
        return new LoginUser(user, Sets.newHashSet());
    }

}